Technical Information
(In the identifiers below, `#` stands for characters that are masked in the source report; the masked host names are therefore not usable as exact-match indicators.)
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows System Audio Driver' = '"%WINDIR%\audio32hd.exe"' (Run-key autostart entry; the value name imitates a legitimate driver)
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DoNotAllowExceptions' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000' (disables the Windows Firewall for the standard profile)
- hidden files
- User Account Control (UAC)
- '%APPDATA%\WUD32Host.exe'
- '%WINDIR%\audio32hd.exe'
- '<SYSTEM32>\netsh.exe' Firewall set opmode disable (command line that disables the Windows Firewall; complements the registry changes above)
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- %APPDATA%\WUD32Host.exe
- %WINDIR%\audio32hd.exe
- '65###589.net':80
- '65####89.thegmc.com':80
- '65#####9.dara-dal.net':80
- '65#####9.unibutton.com':80
- '65####89.no-ip.info':80
- '65####89.webhop.me':80
- '65###589.info':80
- '65#####9.etherbyte.com':80
- '65#####9.embeddedsw.org':80
- '65####89.framed.net':80
- '65####89.home.kg':80
- '65####89.carys.org':80
- '65####89.ddns.net':80
- '65#####9.dnmcoffman.com':80
- '65######.fatesperfection.com':80
- '65######.fintech-llc.com':80
- '65######.servecounterstrike.com':80
- '65######.kevinbradley.org':80
- '65#####9.yngling.com':80
- '65######.##rnando-botero-sculpture.com':80
- '65######.servehalflife.com':80
- '65####89.no-ip.org':80
- '65######.fulltimevillain.net':80
- 'wp#d':80
- '65######.rockingwranchinc.com':80
- '65######.jlengineering.se':80
- '65######.techgoodness.org':80
- '65#####9.serveftp.com':80
- '65###589.us.to':80
- '65##5589.ru':80
- '65#####9.wolmerica.com':80
- '65####89.devi1.net':80
- '65#####9.becompany.org':80
- '65######.death-by-monkeys.com':80
- '65###589.uk.to':80
- wp#d/wpad.dat (likely the standard Windows WPAD proxy auto-discovery request from the sandbox rather than attacker infrastructure)
- 65###589.net/
- 65####89.thegmc.com/
- 65#####9.dara-dal.net/
- 65#####9.unibutton.com/
- 65####89.no-ip.info/
- 65####89.webhop.me/
- 65###589.info/
- 65#####9.etherbyte.com/
- 65#####9.embeddedsw.org/
- 65####89.framed.net/
- 65####89.home.kg/
- 65####89.carys.org/
- 65####89.ddns.net/
- 65#####9.dnmcoffman.com/
- 65######.fatesperfection.com/
- 65######.fintech-llc.com/
- 65######.servecounterstrike.com/
- 65####89.no-ip.org/
- 65#####9.yngling.com/
- 65######.techgoodness.org/
- 65######.servehalflife.com/
- 65######.jlengineering.se/
- 65######.fulltimevillain.net/
- 65######.##rnando-botero-sculpture.com/
- 65######.rockingwranchinc.com/
- 65#####9.becompany.org/
- 65#####9.wolmerica.com/
- 65#####9.serveftp.com/
- 65######.kevinbradley.org/
- 65##5589.ru/
- 65###589.uk.to/
- 65####89.devi1.net/
- 65###589.us.to/
- 65######.death-by-monkeys.com/
- DNS ASK 65#####9.unibutton.com
- DNS ASK 65###589.net
- DNS ASK 65#####9.embeddedsw.org
- DNS ASK 65#####9.dara-dal.net
- DNS ASK 65####89.thegmc.com
- DNS ASK 65####89.no-ip.info
- DNS ASK 65####89.webhop.me
- DNS ASK 65###589.info
- DNS ASK 65#####9.etherbyte.com
- DNS ASK 65####89.ddns.net
- DNS ASK 65####89.framed.net
- DNS ASK 65####89.gotdns.ch
- DNS ASK 65####89.carys.org
- DNS ASK 65####89.home.kg
- DNS ASK 65#####9.dnmcoffman.com
- DNS ASK 65######.fatesperfection.com
- DNS ASK 65######.fintech-llc.com
- DNS ASK 65######.servecounterstrike.com
- DNS ASK 65####89.no-ip.org
- DNS ASK 65#####9.yngling.com
- DNS ASK 65######.techgoodness.org
- DNS ASK 65######.servehalflife.com
- DNS ASK 65######.##rnando-botero-sculpture.com
- DNS ASK 65######.fulltimevillain.net
- DNS ASK wp#d
- DNS ASK 65######.rockingwranchinc.com
- DNS ASK 65######.jlengineering.se
- DNS ASK 65#####9.wolmerica.com
- DNS ASK 65#####9.serveftp.com
- DNS ASK 65######.kevinbradley.org
- DNS ASK 65##5589.ru
- DNS ASK 65###589.us.to
- DNS ASK 65####89.devi1.net
- DNS ASK 65#####9.becompany.org
- DNS ASK 65######.death-by-monkeys.com
- DNS ASK 65###589.uk.to